ba33ce52055a325eace65b0ea36cc8081864a31973e693c6000f5205932e008b

Sharing

Copy URL Twitter E-mail

General

Target

ba33ce52055a325eace65b0ea36cc8081864a31973e693c6000f5205932e008b
Size

1.8MB
MD5

9e2ba6860e2fd6699ead9472ad4a05f2
SHA1

2e3967ea00b9f5c04ec21fb5acd8d41b5a180f52
SHA256

ba33ce52055a325eace65b0ea36cc8081864a31973e693c6000f5205932e008b
SHA512

ad9885c5ae4e8175cf011ae90d85f307023b4e02271220318bac06f38a5f2623560a23aef808e918d47747483dbd0e644bbd01bdc6b389aea388e0ba7539a0df
SSDEEP

24576:jmRC5Mfs1Lew+yy5DZFKyl26dUEkRUYQRfRYjMAGlIHFiH+r8NdPmqoHxYZhU6pU:315oyy+y/WEpYQfRYjMASIy+ORU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba33ce52055a325eace65b0ea36cc8081864a31973e693c6000f5205932e008b

Files

ba33ce52055a325eace65b0ea36cc8081864a31973e693c6000f5205932e008b
.dll windows:5 windows x86 arch:x86

49f90be2ad3f8ff5300ff4295de6ae26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rasapi32

RasFreeEapUserIdentityW
RasConnectionNotificationW
RasGetConnectStatusA

comdlg32

PrintDlgA

wininet

HttpEndRequestW
InternetSetStatusCallback
InternetOpenUrlW

msvfw32

DrawDibRealize

oleaut32

VarR8FromUI4
VarBstrFromDate
SafeArrayPutElement
VarBstrFromUI4
VarI4FromCy
VarR8FromR4
VarI4FromDate
OaBuildVersion

winmm

waveOutGetPlaybackRate
SendDriverMessage
waveOutGetID
midiOutCachePatches
midiOutGetVolume
waveOutRestart
mmioSendMessage
mixerGetNumDevs
waveOutGetDevCapsA

advapi32

GetInheritanceSourceW
SetServiceStatus
GetAclInformation
RegQueryValueExA
EqualPrefixSid
EnumDependentServicesA
IsValidSid
DuplicateTokenEx
GetSidLengthRequired
AdjustTokenPrivileges
ReadEventLogA
DuplicateToken
RegReplaceKeyW
BuildTrusteeWithSidW

ntdsapi

DsListSitesW
DsMapSchemaGuidsW
DsFreeSchemaGuidMapW

winspool.drv

DeviceCapabilitiesW
AddPrinterDriverW

psapi

EnumProcessModules

winscard

SCardStatusW

iphlpapi

UnenableRouter
IcmpCloseHandle
GetBestInterfaceEx
GetTcpStatistics

rpcrt4

NdrPointerMarshall
RpcBindingSetAuthInfoA
RpcServerRegisterAuthInfoA
NdrInterfacePointerMarshall
RpcUserFree
RpcMgmtSetCancelTimeout
NdrUserMarshalBufferSize
RpcMgmtStopServerListening
IUnknown_QueryInterface_Proxy
RpcStringFreeA
NdrPointerFree
NdrSimpleStructBufferSize

user32

ChildWindowFromPoint
UnregisterHotKey
InSendMessage
GetRawInputDeviceList
CharUpperW
SetCaretBlinkTime
CopyImage
LoadMenuIndirectA
EmptyClipboard
RemoveMenu
EqualRect
DestroyCursor
GetSystemMenu
IsWindowUnicode
GetClipboardFormatNameA
SetWindowPos
DrawAnimatedRects
EnumDesktopsA
EnumDisplaySettingsA
GetComboBoxInfo
GetNextDlgTabItem
SetCapture
GetClipboardData
ChangeDisplaySettingsW
LoadBitmapA

mprapi

MprAdminPortDisconnect
MprAdminInterfaceDisconnect
MprConfigTransportGetInfo
MprConfigInterfaceTransportAdd

powrprof

WriteGlobalPwrPolicy

wintrust

WTHelperGetProvSignerFromChain
CryptSIPRemoveSignedDataMsg
WintrustSetRegPolicyFlags

clusapi

ClusterEnum

ole32

IIDFromString
CoSuspendClassObjects
OleSaveToStream
OleIsCurrentClipboard
OleDuplicateData
StgCreatePropStg
OleRegEnumVerbs
CreateAntiMoniker

crypt32

CertSerializeCertificateStoreElement
CryptRegisterOIDFunction
CertGetCRLFromStore
CryptSignMessage
CertAddSerializedElementToStore
CertFindCertificateInCRL
CryptMsgGetAndVerifySigner
CertSetCTLContextProperty
CertFindCertificateInStore

comctl32

ImageList_Draw
ImageList_GetImageCount

imm32

ImmGetGuideLineW
ImmRegisterWordW
ImmEnumRegisterWordW

kernel32

lstrcpynW
CreatePipe
LoadLibraryExA
WriteTapemark
lstrcmpiW
FillConsoleOutputCharacterW
GetFullPathNameW
GetModuleFileNameW
OutputDebugStringA
LoadLibraryA
ClearCommBreak
CopyFileExW
GlobalFlags
SetTapeParameters
ReadFileEx
GetNumaHighestNodeNumber
HeapReAlloc
OpenFile
IsBadReadPtr
GlobalFindAtomW
MoveFileWithProgressW
OpenSemaphoreW
WritePrivateProfileStructW
VirtualProtect
CreateDirectoryA
PulseEvent
FindResourceW
VerifyVersionInfoA
EnumSystemLocalesA
FindVolumeMountPointClose
MoveFileA
SetComputerNameA
IsBadStringPtrW
SetSystemTimeAdjustment
GetNamedPipeInfo
lstrcmpA
GetProcessShutdownParameters
GetAtomNameW
GlobalMemoryStatus
GetThreadTimes
GetDiskFreeSpaceW
ExpandEnvironmentStringsA
HeapSize
SetCommState
WriteProfileSectionA

msvcrt

rename
realloc
iswprint
fwprintf
putc

shlwapi

PathFileExistsA
PathStripPathW
PathGetArgsW
SHRegWriteUSValueW
SHRegCloseUSKey
PathGetDriveNumberW
SHRegSetPathW
StrRChrIA

esent

JetRollback

gdi32

RectInRegion
SetLayout
GetCurrentPositionEx
DeleteDC
SetEnhMetaFileBits
AbortDoc
GetPath
GetBrushOrgEx
FrameRgn
OffsetRgn
CopyEnhMetaFileW
SetMiterLimit
DeleteEnhMetaFile
GetTextExtentExPointI
GetEnhMetaFileDescriptionA
CreateHatchBrush
CreateScalableFontResourceA
SetWorldTransform
SetViewportOrgEx
SetDCBrushColor
CloseEnhMetaFile
CreateDIBPatternBrushPt
PlayMetaFileRecord
CloseMetaFile
GetPolyFillMode

mscms

DisassociateColorProfileFromDeviceW

pdh

PdhEnumObjectsW
PdhOpenLogW

secur32

QueryCredentialsAttributesW
QueryContextAttributesW

netapi32

NetApiBufferFree
NetUserEnum

setupapi

CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_Size_ExW
CM_Get_DevNode_Registry_Property_ExW
SetupPromptForDiskA
SetupDiCreateDeviceInfoA
CM_Free_Res_Des_Handle
SetupOpenLog
CM_Open_Class_KeyW
SetupDiRemoveDeviceInterface
SetupDiGetClassImageListExW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiSelectBestCompatDrv

shell32

SHBrowseForFolderA
SHPathPrepareForWriteW
ExtractIconExW
SHGetSpecialFolderLocation
DragFinish

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

x
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f90be2ad3f8ff5300ff4295de6ae26

Headers

File Characteristics

Imports

rasapi32

comdlg32

wininet

msvfw32

oleaut32

winmm

advapi32

ntdsapi

winspool.drv

psapi

winscard

iphlpapi

rpcrt4

user32

mprapi

powrprof

wintrust

clusapi

ole32

crypt32

comctl32

imm32

kernel32

msvcrt

shlwapi

esent

gdi32

mscms

pdh

secur32

netapi32

setupapi

shell32

Sections

.text Size: 368KB - Virtual size: 365KB

CODE Size: 16KB - Virtual size: 13KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 60KB - Virtual size: 60KB

x Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 4KB - Virtual size: 832B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 368KB - Virtual size: 365KB

CODE
Size: 16KB - Virtual size: 13KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 60KB - Virtual size: 60KB

x
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 4KB - Virtual size: 832B

.reloc
Size: 28KB - Virtual size: 25KB